<?php

/*
	This file is part of Mandragon.

    Mandragon is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    Mandragon is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with Mandragon.  If not, see <http://www.gnu.org/licenses/>.
*/

class AccessManager {

	private $db_access;
	private $error_nav;

	public function __construct() {
		$this->db_access = new DbAccessor();
		$this->error_nav = new ErrorNavigation();
	}

	public function set_db_accessor($db_access) {
		$this->db_access = $db_access; 
	}

	public function set_error_navigation($error_nav) {
		$this->error_nav = $error_nav;
	}

	/**
	* generate accesslist for current directory and user and store it in
	* $ACCESSLIST
	*/
	function generate_accesslist($page) {
		global $ACCESSLIST;
		$ACCESSLIST = $this->generate_accesslist_for_directory_for_user($page->directory_tree, $_SESSION);
	}

	/**
	 * generate an array containing the access parameters for the given user
	 * on the given directory
	 */
	function generate_accesslist_for_directory_for_user($directory_tree, $user_info) {
		
		$ACCESSLIST = array();
		
		for ($i = 0; $i < count($directory_tree); $i++) {
			$dirs .= $directory_tree[$i]['dir_id'].",";
		}
		$dirs .= "0";
		
		$where = "ACCESS_RULE.action_id = ACCESS_ACTION.action_id AND \n\tACCESS_RULE.dir_id IN ($dirs) AND \n\t(\n\t\t";
		if ($user_info['user_id']) {
			$where .= "ACCESS_RULE.user_id = {$user_info['user_id']} OR \n\t\t";
			for ($i = 0; $i < count($user_info['user_groups']); $i++) {
				$groups .= $user_info['user_groups'][$i].",";
			}
			$groups .= "-1";
			$where .= "ACCESS_RULE.usergroup_id IN ($groups) OR \n\t\t";
		}
		$where .= "ACCESS_RULE.ipstring LIKE '" . 
				$_SERVER["REMOTE_ADDR"] . " - " . 
				$_SERVER["HTTP_X_FORWARDED_FOR"]."' OR \n\t\t";
		$where .= "ACCESS_RULE.guest > 0\n\t)";
		
		$order = "rank ASC";
		
		$sql = $this->db_access->db_query_select(
				array(
						array('allow'),
						array('action')), 
				array("ACCESS_RULE", "ACCESS_ACTION"), 
				$where,
				$order);
		
		$sqlresult = $this->db_access->db_do_query($sql);
		
		if ($this->db_access->db_num_rows($sqlresult) < 1) {
			$this->error_nav->errorpage(3);
		}
		
		while ($result = $this->db_access->db_fetch_array($sqlresult)) {
			array_push($ACCESSLIST, $result);
		}
		
		return $ACCESSLIST;
	}

	function has_access($str) {
		global $ACCESSLIST;
		return $this->check_access_in_list($str, $ACCESSLIST);
	}

	function has_any_add_access() {
		global $ACCESSLIST;
		return $this->check_access_in_list("^ADD", $ACCESSLIST, 1);
	}

	function check_access($str) {
		global $ACCESSLIST;
		if (!$this->check_access_in_list($str, $ACCESSLIST)) {
			$this->error_nav->errorpage(5);
		}
	}

	/**
	 * checks whether the given access parameter is in the supplied access list
	 */
	function check_access_in_list($desired_string, $accesslist, $regexp = false) {
		
		for ($i = 0; $i < count($accesslist); $i++) {
			if (eregi( ($regexp ? $desired_string : "^{$desired_string}$"), $accesslist[$i]['action'])) {
				if ($accesslist[$i]['allow']) {
					return true;
				} 
				if (!$regexp) {
					return false;
				}
			}
		}
		
		return false;
	}

	function printAL() {
		global $ACCESSLIST;
		echo "<ol>";
		for ($i = 0; $i < count($ACCESSLIST); $i++)
			echo "<li>{$ACCESSLIST[$i]['action']} - {$ACCESSLIST[$i]['allow']}";
		echo "</ol>";
	}
}

?>
